Avoiding Ransomware with Strong Endpoint Security

Ransomware attacks are growing in volume and sophistication, and they now damage not only corporate data but operations, reputations and finances as well. The FBI reported that it received more than 900 complaints related to ransomware attacks between April 2014 and June 2015, with victims reporting losses of more than $18 million.

By weaponizing encryption, ransomware attackers can halt basic operations and run up costs for every day the organization cannot do business. Organizations are often pressured into paying quickly just to get those operations running again. Hollywood Presbyterian Medical Center made headlines in February 2016 when it paid roughly $17,000 in Bitcoin to recover data that had been encrypted during a ransomware attack; paying the ransom was the fastest way for the medical center to restore its administrative functions.

Victims can pay the ransom and hope that law enforcement eventually catches the attackers, but lately police departments themselves have been targeted. Last year a police department in Massachusetts fell victim to CryptoLocker, a well-known ransomware family, which encrypted essential files. The department ended up paying the $500 ransom to recover them, even after the FBI had spent four days trying to help.

As ransomware becomes the latest epidemic in the cybersecurity space, a new report (PDF) from the Institute for Critical Infrastructure Technology (ICIT) notes that poor endpoint security practices are to blame for the rise in successful attacks. The report says that ransomware typically gains a foothold by exploiting vulnerabilities in the host operating system and its applications, and that the malicious code reaches the host through email attachments and drive-by downloads.

High-value endpoints within the enterprise include servers, personal computers, and mobile devices. Servers are heavily targeted because they are essential to keeping business operations running. Personal computers and mobile devices with poor endpoint security are a particular risk for organizations with BYOD policies, because an infected personal device that connects to the corporate network can spread the infection to the rest of it. Like most commodity malware, ransomware usually depends on some user action (opening an attachment, clicking a link, or browsing to a compromised site with an unpatched browser) to get its first foothold.

End users are the first line of defense against ransomware, but untrained end users leave networks exposed. Organizations should spend time educating employees on how ransomware gets executed and how attackers typically target staff. Because ransomware is so often delivered through malicious email attachments, employees should open attachments only from sources they trust, and should treat an unexpected attachment with suspicion even when it appears to come from a known sender, since sender addresses are easily spoofed.

IT security teams can also blacklist untrustworthy mail servers and web domains as an added precaution, but this alone is not enough. In March 2016, ads served on trusted news websites such as the BBC and the New York Times were hijacked by a malvertising campaign that tried to install ransomware on visitors' computers. Because even reputable websites cannot be treated as safe, security teams should continuously monitor endpoints and networks for suspicious activity. Monitoring that watches for the behaviour ransomware cannot avoid, such as one process rewriting or renaming large numbers of files across many directories in a short time, can catch an infection in its first seconds, before more than a handful of files have been encrypted.
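As an added example of the kind of behavioural check such monitoring can apply, the following script (written for this article, not code from the original post or from Promisec's product) scores file-event telemetry per process and flags processes that combine a burst of writes, renames to ransomware-style extensions, and activity spread across many directories. The log format, the extension list and the thresholds are assumptions for the example; real Sysmon, auditd or EDR telemetry needs its own parser, but the scoring carries over.

```python
"""Heuristic detection of ransomware-style file activity from endpoint file events.

Added example for this article; it is not code from the article or from
Promisec's product. It assumes a constructed log format of one event per line:

    <epoch_seconds> <pid> <CREATE|MODIFY|RENAME|DELETE> <path>

Thresholds and the extension list are illustrative assumptions.
"""
import posixpath
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(CREATE|MODIFY|RENAME|DELETE)\s+(\S+)$")

# Assumed illustrative list; a real deployment pulls a maintained extension list.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
WRITE_OPS = {"CREATE", "MODIFY", "RENAME"}

WINDOW_SECONDS = 60       # sliding window for the write-burst check
BURST_THRESHOLD = 20      # writes per window that a normal desktop app rarely reaches
MIN_DISTINCT_DIRS = 3     # ransomware walks many directories; an editor touches few
MIN_INDICATORS = 2        # require two independent signals before alerting


def parse_events(lines):
    """Parse log lines into (ts, pid, op, path) tuples, skipping malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, pid, op, path = m.groups()
            events.append((int(ts), int(pid), op, path))
    return events


def peak_writes_in_window(times, window):
    """Largest number of writes by one process inside any `window`-second span."""
    times = sorted(times)
    peak = j = 0
    for i, t in enumerate(times):
        while times[j] < t - window:
            j += 1
        peak = max(peak, i - j + 1)
    return peak


def score_processes(events):
    """Return {pid: summary} for processes that trip at least MIN_INDICATORS checks."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev[1]].append(ev)

    flagged = {}
    for pid, evs in by_pid.items():
        writes = [ev for ev in evs if ev[2] in WRITE_OPS]
        burst = peak_writes_in_window([ev[0] for ev in writes], WINDOW_SECONDS)
        renames = sum(
            1 for ev in evs
            if ev[2] == "RENAME" and posixpath.splitext(ev[3])[1].lower() in SUSPECT_EXTENSIONS
        )
        dirs = {posixpath.dirname(ev[3]) for ev in writes}

        reasons = []
        if burst >= BURST_THRESHOLD:
            reasons.append(f"{burst} writes within {WINDOW_SECONDS}s")
        if renames:
            reasons.append(f"{renames} renames to ransomware-style extensions")
        if len(dirs) >= MIN_DISTINCT_DIRS:
            reasons.append(f"writes spread over {len(dirs)} directories")
        if len(reasons) >= MIN_INDICATORS:
            flagged[pid] = {"burst_peak": burst, "suspect_renames": renames,
                            "distinct_dirs": len(dirs), "reasons": reasons}
    return flagged


def constructed_sample_log():
    """Constructed telemetry: one user editing a report, one process encrypting shares."""
    base = 1700000000
    lines = [
        f"{base} 1200 CREATE C:/Users/alice/Documents/~$report.docx",
        f"{base + 5} 1200 MODIFY C:/Users/alice/Documents/report.docx",
        f"{base + 95} 1200 MODIFY C:/Users/alice/Documents/report.docx",
        f"{base + 400} 1200 DELETE C:/Users/alice/Documents/~$report.docx",
        "this line is garbage and must not crash the parser",
    ]
    targets = ["C:/Users/alice/Documents", "C:/Users/alice/Pictures", "S:/Finance", "S:/HR"]
    for i in range(25):
        d = targets[i % 4]
        lines.append(f"{base + i} 4711 MODIFY {d}/file{i}.docx")
        lines.append(f"{base + i} 4711 RENAME {d}/file{i}.docx.locked")
    return lines


if __name__ == "__main__":
    for pid, info in score_processes(parse_events(constructed_sample_log())).items():
        print(pid, info["reasons"])
```

Requiring two independent indicators keeps a single large save or a bulk photo import from paging the on-call engineer, while a process that both bursts and renames to a known extension is flagged within the first minute of activity.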

Another way organizations can protect their data from ransomware is to back it up regularly. Large corporations should have no trouble dedicating time and resources to backups, but the task can be difficult for smaller enterprises. Smaller organizations lacking time, resources, or technical knowledge can use a third-party cloud service to store their data. Unfortunately, cloud service providers are not immune to ransomware, and they are attractive targets precisely because they hold large troves of data and their business model depends on giving subscribers uninterrupted access to it. Whatever the destination, a backup that the infected endpoint can write to (a mapped network drive, a synced folder, a cloud share mounted with the user's credentials) will simply be encrypted along with everything else, so at least one copy must be kept offline or otherwise unwritable from production systems, and restores must be tested before they are needed.
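To make the "test your restores" point concrete, here is an added example (not code from the article or from Promisec) that records a SHA-256 manifest of a backup set and later verifies the set against it, flagging files that were overwritten in place, files that disappeared, and new files whose content looks encrypted. It assumes the manifest is stored somewhere the backed-up endpoint cannot overwrite (offline media or write-once object storage); if the manifest sits beside the backups, ransomware encrypts it too. The backup contents, the simulated attack and the entropy threshold are all constructed for the example.

```python
"""Verify a backup set against a hash manifest and flag files that look encrypted.

Added example; not code from the article or from Promisec. Assumption: the
manifest (JSON of relative path -> SHA-256) is written at backup time and kept
where the backed-up host cannot write to it.
"""
import hashlib
import json
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits/byte; assumption: text and office files sit well below this
SAMPLE_BYTES = 64 * 1024  # only the head of each file is sampled for entropy


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Shannon entropy in bits per byte; ciphertext and random data approach 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path):
    with open(path, "rb") as f:
        return shannon_entropy(f.read(SAMPLE_BYTES)) >= ENTROPY_THRESHOLD


def walk_files(root):
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def build_manifest(root):
    return {rel: sha256_file(full) for rel, full in walk_files(root)}


def verify_backup(root, manifest):
    """Compare the backup tree with its manifest.

    missing        - manifest entries with no file (deleted, or renamed e.g. to .locked)
    changed        - files whose hash no longer matches (overwritten in place)
    suspicious_new - files absent from the manifest whose content looks encrypted
    ok             - number of files that still match
    """
    present = dict(walk_files(root))
    result = {"missing": [], "changed": [], "suspicious_new": [], "ok": 0}
    for rel, digest in manifest.items():
        if rel not in present:
            result["missing"].append(rel)
        elif sha256_file(present[rel]) != digest:
            result["changed"].append(rel)
        else:
            result["ok"] += 1
    for rel, full in present.items():
        if rel not in manifest and looks_encrypted(full):
            result["suspicious_new"].append(rel)
    for key in ("missing", "changed", "suspicious_new"):
        result[key].sort()
    return result


def demo():
    """Constructed scenario: a small backup, then ransomware reaches the backup share."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "docs/plan.md": b"# Q3 plan\n" + b"Ship the endpoint hardening baseline.\n" * 40,
            "invoices/q1.csv": b"id,customer,amount\n" + b"1,ACME,1200.00\n" * 200,
            "notes.txt": b"Call the auditor on Monday.\n" * 100,
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        manifest_json = json.dumps(build_manifest(root))  # would be stored off-host

        # Simulated ransomware: one file encrypted in place, one encrypted and
        # renamed. os.urandom stands in for ciphertext (same entropy profile).
        with open(os.path.join(root, "invoices/q1.csv"), "wb") as f:
            f.write(os.urandom(8192))
        os.rename(os.path.join(root, "notes.txt"), os.path.join(root, "notes.txt.locked"))
        with open(os.path.join(root, "notes.txt.locked"), "wb") as f:
            f.write(os.urandom(8192))

        return verify_backup(root, json.loads(manifest_json))


if __name__ == "__main__":
    print(demo())
```

Run on a real backup tree, the same two checks answer the question that matters after an incident: is this copy still the one we took, and if not, which files can still be trusted.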

Some organizations try to get the best of both worlds with a hybrid cloud environment, where data is stored on both private and public cloud services. Because the two infrastructures operate independently, a ransomware attack on one is unlikely to affect the other, provided they are not reachable with the same credentials and the same automatic sync paths; a replication job that faithfully copies encrypted files from one side to the other defeats the purpose.

To best defend against ransomware, users must keep their machines current with the latest patches and security updates, since the exploit kits behind drive-by downloads target known, already-fixed vulnerabilities. If you do fall victim and have no clean backup, you are left either paying to get your files unlocked or losing them for good. Don't let these thieves put you in that position: back up your files every day so that a machine can be wiped and restored rather than ransomed.

Ransomware threatens every system connected to the Internet, which makes investing in good endpoint security practices increasingly hard to avoid. Left unaddressed, an infection can spread rapidly to endpoints across the enterprise. Good endpoint security practices are essential to keeping ransomware from compromising critical information and risking long-term damage to an organization's brand.

About the author: Dean Dyche is World Wide Senior Director of Sales Engineering at Promisec, a pioneer in endpoint detection and response, and a leader in the Endpoint Detection and Response (EDR) market defined by Gartner. Promisec’s patented, agentless technology assures users that their endpoints are secure, audits are clean, regulations are met and vulnerabilities are addressed proactively to ensure the integrity of enterprise IT.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
